authorPaul S. Owen <psotfx@users.sourceforge.net>2002-11-21 22:46:12 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2002-11-21 22:46:12 +0000
commitaedd73055238aaf8082687c3977d6a06ef5855ab (patch)
tree432a3266e5dd5c720241bb49d490f666b6c60f8b
parentbb05d733eeae8c1a5c1a3d4fab17d3ed2e864fa5 (diff)
Of course it has to be more tricky than that doesn't it ... well, I'm off to bed so it can stick it up its pipe and smoke it for now :D
git-svn-id: file:///svn/phpbb/trunk@3078 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/db/mysql.php4
-rw-r--r--phpBB/db/mysql4.php6
-rw-r--r--phpBB/includes/page_tail.php2
-rw-r--r--phpBB/viewtopic.php10
4 files changed, 12 insertions, 10 deletions
diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php
index 8776d3e5ac..132b64f79f 100644
--- a/phpBB/db/mysql.php
+++ b/phpBB/db/mysql.php
@@ -139,7 +139,7 @@ class sql_db
$endtime = explode(' ', microtime());
$endtime = $endtime[0] + $endtime[1] - $starttime;
- $this->sql_report .= "<pre>Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n";
+ $this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
if ($this->query_result)
{
$this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>";
@@ -147,7 +147,7 @@ class sql_db
else
{
$error = $this->sql_error();
- $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '<br><br><pre>';
+ $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
}
$this->sql_time += $endtime - $curtime;
if (preg_match('/^SELECT/', $query))
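Review bot: The `FAILED` line now escapes `$error['message']` but still concatenates `$error['code']` raw; if `sql_error()` returns the driver's numeric errno that is harmless, but the hunk does not show how `$error` is built, so either escape it the same way or pin its type, `' . (int) $error['code'] . ': '`. Escaping at the point where text is appended to `sql_report` is the right place, since the report is emitted later as raw HTML inside `<pre>`, and the default `htmlspecialchars()` flags are sufficient for that text context (no attribute is involved). The `explain` gate that decides whether this branch runs at all sits above the hunk, so the exposure of query text to non-admins cannot be judged from here. The enclosing method starts and ends outside the hunk.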
diff --git a/phpBB/db/mysql4.php b/phpBB/db/mysql4.php
index 921db44ba5..6c1b027697 100644
--- a/phpBB/db/mysql4.php
+++ b/phpBB/db/mysql4.php
@@ -134,12 +134,12 @@ class sql_db
{
$this->sql_error($query);
}
- if (!empty($_REQUEST['explain']))
+if (!empty($_REQUEST['explain']))
{
$endtime = explode(' ', microtime());
$endtime = $endtime[0] + $endtime[1] - $starttime;
- $this->sql_report .= "<pre>Query:\t" . preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query) . "\n\n";
+ $this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
if ($this->query_result)
{
$this->sql_report .= "Time before: $curtime\nTime after: $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>";
@@ -147,7 +147,7 @@ class sql_db
else
{
$error = $this->sql_error();
- $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . $error['message'] . '<br><br><pre>';
+ $this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
}
$this->sql_time += $endtime - $curtime;
if (preg_match('/^SELECT/', $query))
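Review bot: The rewritten `if (!empty($_REQUEST['explain']))` line lost its leading tab and now sits at column 0 inside the method body; restore it to match the block it opens, `	if (!empty($_REQUEST['explain']))`. Separately, `$_REQUEST` merges GET, POST and (by default) cookie input, so a cookie named `explain` would switch on query reporting for every request; the Explain link that page_tail.php emits is a plain GET link, so `$_GET['explain']` is the tighter check and matches the only legitimate way the flag is set. Whether the generated report ever reaches a non-admin depends on code outside this hunk, so treat this as defence in depth rather than a confirmed exposure. The enclosing method starts and ends outside the hunk.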
diff --git a/phpBB/includes/page_tail.php b/phpBB/includes/page_tail.php
index f2ff5f8cbf..32de512e4f 100644
--- a/phpBB/includes/page_tail.php
+++ b/phpBB/includes/page_tail.php
@@ -40,7 +40,7 @@ if (defined('DEBUG'))
if ($auth->acl_get('a_'))
{
- $debug_output .= ' | <a href="' . $_SERVER['REQUEST_URI'] . '&amp;explain=1">Explain</a>';
+ $debug_output .= ' | <a href="' . htmlspecialchars($_SERVER['REQUEST_URI']) . '&amp;explain=1">Explain</a>';
}
$debug_output .= ' ]';
}
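Review bot: The Explain link appends `&amp;explain=1` to `REQUEST_URI` without checking that the URI already carries a query string, so a request with no `?` produces `/path&explain=1`, which the `explain` check in the db layer will never see; derive the separator from the URI, `$sep = (strpos($_SERVER['REQUEST_URI'], '?') === false) ? '?' : '&amp;';` and emit `$sep . 'explain=1'`. The escaping itself is adequate for a double-quoted `href`, since the default `htmlspecialchars()` flags encode `"`, `&`, `<` and `>`. Note that `REQUEST_URI` is still client-controlled text being reflected back: it normally begins with `/`, but an absolute-form request line can place a full URL there, so a stricter version would link to the script's own path and known parameters instead of echoing the request. The enclosing `if (defined('DEBUG'))` block starts before the hunk.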
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 68c8b17a9a..8784e2ee91 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -272,7 +272,7 @@ if ($user->data['user_id'] != ANONYMOUS)
}
// Was a highlight request part of the URI?
-$highlight_match = '';
+$highlight_match = $highlight = '';
if (isset($_GET['highlight']))
{
// Split words and phrases
@@ -286,6 +286,8 @@ if (isset($_GET['highlight']))
}
}
unset($words);
+
+ $highlight = urlencode($_GET['highlight']);
}
// Quick mod tools
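Review bot: The new `$highlight` is built from the raw `$_GET['highlight']` rather than from the terms that produced `$highlight_match`, so if the parsing above this hunk drops or normalises terms, the value propagated in every URL on the page diverges from what is actually highlighted, and an oversize parameter is reflected into each of those URLs verbatim (percent-encoded). If `$words` holds the accepted terms, rebuilding from it before the `unset($words)` would keep the two in step; I cannot tell from the hunk whether that loop filters anything, so confirm before changing it. The choice of `urlencode()` is sound for the destination: its output is limited to `[A-Za-z0-9_.-]`, `%` and `+`, which is safe both in the query string and inside the HTML attribute the template emits. The enclosing `if (isset($_GET['highlight']))` block starts before the hunk.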
@@ -300,7 +302,7 @@ $topic_mod .= ($auth->acl_gets('m_split', 'a_', $forum_id)) ? '<option value="sp
$topic_mod .= ($auth->acl_gets('m_merge', 'a_', $forum_id)) ? '<option value="merge">' . $user->lang['Merge_topic'] . '</option>' : '';
// If we've got a hightlight set pass it on to pagination.
-$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($_GET['highlight']), $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
+$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=$highlight", $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
// Post, reply and other URL generation for
// templating vars
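Review bot: The `$pagination` ternary now repeats the entire base URL in both branches, differing only by the trailing `highlight` parameter, which is easy to let drift the next time a parameter is added; build the URL once and append conditionally, `$pagination_url = "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order";` then `if ($highlight_match) $pagination_url .= "&amp;highlight=$highlight";` and `$pagination = generate_pagination($pagination_url, $topic_replies, $config['posts_per_page'], $start);`. The other interpolated values (`$topic_id`, `$post_days`, `$post_order`) are not escaped here; presumably they were cast to integers or validated earlier in the file, but that is outside the hunk and worth confirming since the string ends up in HTML.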
@@ -429,13 +431,13 @@ $template->assign_vars(array(
'S_MOD_ACTION' => "modcp.$phpEx$SID&amp;t=$topic_id",
'S_WATCH_TOPIC' => $s_watching_topic,
- 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($_GET['highlight']),
+ 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=$highlight",
'U_TOPIC' => $server_path . 'viewtopic.' . $phpEx . '?t=' . $topic_id,
'U_FORUM' => $server_path,
'U_VIEW_FORUM' => $view_forum_url,
'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url,
'U_VIEW_NEWER_TOPIC' => $view_next_topic_url,
- 'U_PRINT_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $_GET['highlight'] . "&amp;view=print",
+ 'U_PRINT_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=$highlight&amp;view=print",
'U_POST_NEW_TOPIC' => $new_topic_url,
'U_POST_REPLY_TOPIC' => $reply_topic_url)
);
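Review bot: `U_VIEW_TOPIC` and `U_PRINT_TOPIC` now append `&amp;highlight=$highlight` unconditionally, so when no highlight was requested both URLs carry a dangling `highlight=` parameter, whereas the pagination URL a few lines up only includes it when `$highlight_match` is set; pick one rule for all three, e.g. compute `$highlight_param = ($highlight_match) ? "&amp;highlight=$highlight" : '';` once and interpolate `$highlight_param` in each URL. The switch of `U_PRINT_TOPIC` from the raw `$_GET['highlight']` to the encoded value is the right fix and closes the attribute-injection path the old line had. `$start`, `$post_days` and `$post_order` are still interpolated unescaped; I assume they are sanitised earlier in the file, but that is outside the hunk. The `$template->assign_vars(array(` call this array belongs to starts before the hunk.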